Total: 34640 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47356 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47355 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-47354 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In log service, there is a missing permission check. This could lead to local denial of service in log service.
|
|||||
| CVE-2022-44268 | 1 Imagemagick | 1 Imagemagick | 2025-03-26 | N/A | 6.5 MEDIUM |
|
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
|
|||||
| CVE-2022-42950 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | N/A | 4.9 MEDIUM |
|
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
|
|||||
| CVE-2022-38686 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2024-21161 | 1 Oracle | 1 Vm Virtualbox | 2025-03-26 | N/A | 5.5 MEDIUM |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vul ...
|
|||||
| CVE-2024-21031 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-26 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Ove ...
|
|||||
| CVE-2022-47370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2023-52461 | 1 Linux | 1 Linux Kernel | 2025-03-26 | N/A | 5.3 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/sched: Fix bounds limiting when given a malformed entity
If we're given a malformed entity in drm_sched_entity_init()--shouldn't
happen, but we verify--with out-of-bounds priority value, we set it to an
allowed value. Fix the expression which sets this limit.
|
|||||
| CVE-2024-1725 | 1 Redhat | 5 Openshift Container Platform, Openshift Container Platform For Arm64, Openshift Container Platform For Ibm Z and 2 more | 2025-03-26 | N/A | 6.5 MEDIUM |
|
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
|
|||||
| CVE-2022-38396 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2025-03-25 | N/A | 7.8 HIGH |
|
HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
|
|||||
| CVE-2024-29156 | 1 Openstack | 2 Murano, Yaql | 2025-03-25 | N/A | 6.5 MEDIUM |
|
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
|
|||||
| CVE-2024-21008 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2025-03-25 | N/A | 4.4 MEDIUM |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availabili ...
|
|||||
| CVE-2025-2232 | 1 Purethemes | 1 Realteo | 2025-03-25 | N/A | 9.8 CRITICAL |
|
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
|
|||||
| CVE-2024-27803 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 2.4 LOW |
|
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
|
|||||
| CVE-2024-36745 | 1 Oneflow | 1 Oneflow | 2025-03-25 | N/A | 7.5 HIGH |
|
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.
|
|||||
| CVE-2021-37492 | 1 Ravencoin | 1 Ravencoin | 2025-03-25 | N/A | 7.5 HIGH |
|
An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function.
|
|||||
| CVE-2021-37491 | 1 Dogecoin | 1 Dogecoin | 2025-03-25 | N/A | 7.5 HIGH |
|
An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.
|
|||||
| CVE-2023-41956 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-25 | N/A | 8.8 HIGH |
|
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4.
|
|||||
| CVE-2023-41957 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-25 | N/A | 8.6 HIGH |
|
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a through 4.3.4.
|
|||||
| CVE-2025-2218 | 1 Lovecards | 1 Lovecards | 2025-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-9966 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 5.3 MEDIUM |
|
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-9964 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2024-9963 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9962 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9958 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-8906 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7975 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-6608 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-25 | N/A | 4.3 MEDIUM |
|
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | N/A | 8.8 HIGH |
|
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
|
|||||
| CVE-2024-46935 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-25 | N/A | 7.5 HIGH |
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
|
|||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
|
|||||
| CVE-2024-40519 | 1 Seacms | 1 Seacms | 2025-03-25 | N/A | 8.8 HIGH |
|
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
|
|||||
| CVE-2024-36446 | 1 Mitel | 1 Mivoice Mx-one | 2025-03-25 | N/A | 8.8 HIGH |
|
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.
|
|||||
| CVE-2024-36066 | 1 Keyfactor | 1 Ejbca | 2025-03-25 | N/A | 3.1 LOW |
|
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because ...
|
|||||
| CVE-2024-27845 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.
|
|||||
| CVE-2024-27807 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 4.3 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.
|
|||||
| CVE-2024-24051 | 1 Monoprice | 2 Select Mini 3d Printer V2, Select Mini 3d Printer V2 Firmware | 2025-03-25 | N/A | 5.5 MEDIUM |
|
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
|
|||||
| CVE-2024-23784 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
|
|||||